The Intellectual Property Constituency, meeting at the ICANN conference in Vancouver, was interested in increasing ICANN's budget not because they thought they deserved it, but because they wanted ICANN to actually enforce the rules on the books about fake registrations. Now there's some evidence about how prevalent that is. If there's any surprise here, it's that the numbers are so low.

The General Accountability Office (GAO) supplied a report (abstract, full report [PDF]) to Congress, showing that 3.9 million domain names were registered. Said the GAO:

Based on test results, GAO estimates that 2.31 million domain names (5.14 percent) have been registered with patently false data–data that appeared obviously and intentionally false without verification against any reference data–in one or more of the required contact information fields. GAO also found that 1.64 million (3.65 percent) have been registered with incomplete data in one or more of the required fields. In total, GAO estimates that 3.89 million domain names (8.65 percent) had at least one instance of patently false or incomplete data in the required Whois contact information fields.

The GAO actually went through the ICANN process of reporting the "bad" registrations. They had as much luck as anyone else who has wasted their time with this. Of the 45 reported domain names, 11 were corrected within 30 days, 1 was deleted, and the remaining 33 paid as much attention to it as New Yorkers do to jaywalking tickets.

Meanwhile, sensing publicity, Lamar Smith, R-Tex., hurried out a stern letter just hours after the story broke. In a stirring example of American due process, Smith declared that "vendors unwilling to identify themselves publicly are more than likely fraudulent," and accused ICANN of "failing to weed out fraudulent identifications."

The IP constituency, and brand owners generally, are obviously unhappy about this situation, (as are groups concerned about phishing) because it makes it harder to recover domain names under the UDRP process, although it is possible using the (more expensive) "secret weapon" of suing the domain name itself, the so-called in rem proceeding. Just wait until they run into the conflict with European privacy laws…

Any estimate as to what percentage of fake or missing domain name registration data would be filled in properly — at least on new registrations — if protection of that data from spammers, etc. was mandatory?